Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
There was a problem hiding this comment.
Pull request overview
Updates the Bytebase 3.15.0 release changelog to improve Terraform-related guidance links and clarify a PostgreSQL bug fix description.
Changes:
- Add/adjust Terraform provider documentation links for service account/workload identity and policy-related breaking changes.
- Refine PostgreSQL bug-fix wording to expand “CTE” to “Common Table Expressions (CTE)”.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
zchpeter
reviewed
Feb 14, 2026
| - `DataSourceQueryPolicy` is merged into `QueryDataPolicy` and deprecated (auto-migrated). | ||
| - DDL/DML execution control is now configured at the project role level using `bb.sql.ddl` and `bb.sql.dml` permissions. The previous `disallow_ddl` / `disallow_dml` environment policy is removed. | ||
| - For Terraform users, the settings update also affect Terraform, need to update bytebase_policy configuration. [Latest provider documentation](https://registry.terraform.io/providers/bytebase/bytebase/3.15.1/docs/resources/policy) | ||
| - DDL/DML execution control is now managed via `bb.sql.ddl` and `bb.sql.dml` project role permissions, which can be restricted to specific environments. The previous `disallow_ddl` / `disallow_dml` environment policy is removed. |
Contributor
There was a problem hiding this comment.
DDL and DML execution control spans Settings/Policy updates and Role/Permissions
A better approach would be a separate section for DDL and DML execution control update, may be the first item in this "Other Notable Changes"
should explain:
- Environment condition is added to
bb.sql.ddlandbb.sql.dmlrole grant as a replacement fordisallow_ddlanddisallow_dmlenvironment policy, - Only 1 environment condition can be configured for each IAM Policy (i.e. role grant). If you have different policies for DDL and DML previous (e.g. disallow DDL but allow DML), the recommended practice is to create 2 different roles - 1 for
bb.sql.ddlenvironment condition and 1 forbb.sql.dmlenvironment condition. disallow_ddlanddisallow_dmlare automatically migrated to be reflected in the role grants in an OR operation manner - if for specific environment, eitherdisallow_ddlordisallow_dmlis set to OFF, this environment condition will be configured for the role withbb.sql.ddlorbb.sql.dmlpermission. This could lead to breaking changes to the DDL and DML control if yourdisallow_ddlanddisallow_dmlare different in the environment policies, please take note and after the upgrade, follow the recommended practice to configure your role grants.- for Terraform users, update the environment policy and your role grants accordingly.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.